Wi-Fi Security (WPA encryption hack)


Many hacking problems reported on these pages used to stem from the insecurity of Wi-Fi links and the solution generally proposed was to switch from WEP to WPA. Now it seems there's a real threat to the security of WPA. One take on a solution is a simple change to the WPA encryption standard, as described here: http://lifehacker.com/5079721/how-to-prote...om-the-wpa-hack

The key: Just log into your router, switch off Temporal Key Integrity Protocol (TKIP) as an encryption mode, and use Advanced Encryption System (AES) only. TKIP is the only protocol that the hack applies to, so switching to AES-only will ensure that your Wi-Fi network is safe again. It's quick and easy, so do yourself a favor and make the adjustment now so you don't run into any problems in the future.

I don't know about this proposal but I do know the threat is being taken seriously. Thanks to Steve Gibson at grc for further links:

... What these guys have done is to capture a packet out of the air, then make a series of small modifications to it, getting the access point to "approve or disapprove" of each of their small changes because the access point will blindly reject any packet having a wrong checksum (and it will say so). This allows them to induce the access point to give them feedback about the success of each small change they make. ...

Of course such activity is detectable and that points to the way for other defences to be developed.

Heh, I knew there was a reason I've avoided Wi-Fi (well, apart from impecuniousness).

Okay, so basically what ElcomSoft has come up with is not unexpected. They're using the extremely high-power integer engine inherent in state-of-the-art GPUs, the graphics processing units in NVIDIA display cards. They're using those to accelerate basically brute-force encryption attacks. And they give many examples in their flyer of different sorts of passwords that can be cracked. And what's most telling is that ElcomSoft themselves are only billing this, for example, as a high-powered way to maybe check for weak passwords in a corporate environment. They're only claiming that two of these cards, two NVIDIA cards and their software in a fast machine would break WiFi encryption up to a hundred times faster.

Okay, I don't doubt that at all. Except that it's already, like, 10^38 times harder to do anything with a good, random password. Now, they don't explain whether they're just brute-forcing the 128-bit encryption, or whether they're brute-forcing ASCII, which is then hashed using the WPA scheme into 128-bit key. So it's not exactly clear what it is they're doing. But the problem is that this SC magazine story which got picked up, and then which of course The Register in the U.K. picked up, and then Slashdot did, the guy who wrote the SC magazine story said, oh, this is the end of WiFi security as we know it.

I didn't know there was that 'background', thanks. But it IS background, not a retraction of what he now says - to put the cart before the horse in case other readers get the wrong impression.

That criticism (on October 23, 2008), apparently dealing with brute force decryption, seems to bear little relationship - except for the subject being WPA security - to what he's now talking about (Nov 08, 2008 for his post, linked above) which deals with repeated (or 'patient') trials and eventual acceptance of injected data through the 'multiple parallel queues' loophole. Note this is not an actual crack, but a vulnerability, which he discusses at length in the post.

I guess a fortnight is a long time in computer security. Did you read the referenced post? Did you note it is later than the securitynow podcast?


That criticism (on October 23, 2008), apparently dealing with brute force decryption, seems to bear little relationship - except for the subject being WPA security - to what he's now talking about (Nov 08, 2008 for his post, linked above) which deals with repeated (or 'patient') trials and eventual acceptance of injected data through the 'multiple parallel queues' loophole. Note this is not an actual crack, but a vulnerability, which he discusses at length in the post.

I read even the latest remarks as being of the brute-force scenario ... the difference being that it's not the typical dictionary type approach.

At the moment, there is definitely way too much FUD (fear, uncertainty, doubt) involved .... the alleged hack itself and the real impact at present and the other side being the documentation and terminology found within the various discussions (all over the net) and that found within the manuals and firmware of the hardware involved (and most panicked enough to actually try to get into reading specifications may not fully realize that they don't actually understand what they're reading.)


...(and most panicked enough to actually try to get into reading specifications may not fully realize that they don't actually understand what they're reading.)

Sounds fairly much like the encapsulation of the entire human condition with which I more than 'just' coincide. Yeah, I'm reminded on several levels of the MD5 hash 'crack' (2004) which it simply wasn't and still isn't to all intents and purposes IIUC. So, from my admittedly limited understanding ...

In that case a researcher demonstrated a 'collision' (two different strings with the same hash value) using a partial implementation of the MD5 algorithm. Worth remembering that within months collisions were exhibited on short strings using the 'proper'/full MD5 function and that further collisions on similar principles were demonstrated on SHA-0, MD4, HAVAL-128, and RIPEMD algorithms in short order. Also worth remembering that a collision is not cracking the algorithm - the hash values cannot be predicted, just they can no longer be assumed unique (and, the hash value being of finite length, that could never be taken to be the case anyway). The likelihood of real-world collision (probably) decreases with the length of the string being hashed. AFAIK, MD5 is still perfectly adequate for all but the most stringent applications (and even then might tend still to be used, only in conjunction with one or more other algorithms).

It is dangerous to rely too much on analogy but it would be equally dangerous to assume the WPA vulnerability remains a mere academic curiosity or that its 'graduation' to something else might take a long time. Those are not necessarily random bits that might be injected into the Wi-Fi data stream, so that's a big difference right there. And we're not talking (now) about huge - or even large - computing resources being required to perform a WPA-TKIP attack.

Those having the means to do so would seem well advised to change their WPA encryption standard from TKIP just in case (why not?). It would certainly seem premature at this stage to ditch a wireless router that doesn't have the option (though it seems some might be able to flash a firmware update/upgrade to acquire the option which would accordingly seem a worthwhile thing to do).

"No cause at all for fear," indeed, and while that phrase was (undoubtedly) used by Capt. Eddy Smith more than once in the early hours (local) of 15 April 1912, it is more usually sound advice. But a little prudence is an entirely different matter.


Those having the means to do so would seem well advised to change their WPA encryption standard from TKIP just in case (why not?).

Ah, but that's exactly where a lot of confusion is coming from in oh so many other discussions. Some routers are listing separate entries for TKIP and AES, others only offer a combined single-line entry for TKIP + AES, others add on extra lines for WPA2, some even going further with WPA2-Consumer or Enterprise selections .... typically not a lot of Help files/data offered that fully explain all the differences.

It would certainly seem premature at this stage to ditch a wireless router that doesn't have the option (though it seems some might be able to flash a firmware update/upgrade to acquire the option which would accordingly seem a worthwhile thing to do).

It's not just the router involved, unfortunately. The old iBook and associated Graphite Airport wireless sitting here aren't capable of either. No quick and easy updates for a Compaq laptop here with an old 802.11b wireless PCMCIA card running under Win-98. On the other hand, all the other general lockdown procedures applied to that router, and it actually sits outside yet another router or two, so there is no direct access to my wired network. Lack of any critical/personal data on those computers, software firewalls installed, SSL connections to anything remotely 'serious' tends to keep the paranoid levels down on those connections.
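
The confusion described in the post above, about what a router's "TKIP", "AES" or "TKIP + AES" menu entry really enables, can be settled by checking what the access point advertises over the air. The following is an added example, not part of the original thread: it parses text in the layout printed by Linux `iw dev <iface> scan` and reports where each network still offers TKIP. The sample scan, BSSIDs and SSIDs are constructed.

```python
import re

# Constructed sample in the layout of `iw dev <iface> scan` output (not a real capture).
SAMPLE_SCAN = """\
BSS 02:00:00:00:00:01(on wlan0)
    SSID: mixed-mode-router
    WPA:     * Version: 1
         * Group cipher: TKIP
         * Pairwise ciphers: TKIP
    RSN:     * Version: 1
         * Group cipher: TKIP
         * Pairwise ciphers: CCMP
BSS 02:00:00:00:00:02(on wlan0)
    SSID: aes-only-router
    RSN:     * Version: 1
         * Group cipher: CCMP
         * Pairwise ciphers: CCMP
BSS 02:00:00:00:00:03(on wlan0)
    SSID: old-wpa-router
    WPA:     * Version: 1
         * Group cipher: TKIP
         * Pairwise ciphers: TKIP
"""

def audit_scan(text):
    """Map each SSID to the places (element + role) where it advertises TKIP."""
    findings, current, ie = {}, None, None
    for line in text.splitlines():
        if re.match(r"BSS [0-9a-f:]{17}", line):
            current, ie = [], None            # new network starts here
            continue
        m = re.match(r"\s+SSID: (.*)", line)
        if m and current is not None:
            findings[m.group(1)] = current
            continue
        m = re.match(r"\s+(WPA|RSN):", line)
        if m:
            ie = m.group(1)                   # WPA = original WPA element, RSN = WPA2
            continue
        m = re.search(r"\* (Group cipher|Pairwise ciphers): (.*)", line)
        if m and ie and current is not None and "TKIP" in m.group(2).split():
            current.append(f"{ie} {m.group(1).lower()}")
    return findings

def tkip_networks(text):
    """SSIDs that advertise TKIP anywhere (pairwise or group, WPA or RSN)."""
    return sorted(ssid for ssid, hits in audit_scan(text).items() if hits)

if __name__ == "__main__":
    for ssid, hits in audit_scan(SAMPLE_SCAN).items():
        print(ssid, "->", ", ".join(hits) if hits else "no TKIP advertised")
```

In the constructed mixed-mode entry, clients that negotiate CCMP ("AES") for their own traffic still share a TKIP group cipher for broadcast and multicast frames, which is why a combined "TKIP + AES" setting is not the same as AES only.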